Windows 11 connectivity issue with OpenVPN in pfSense 2.8.1
I'm troubleshooting a strange issue with OpenVPN for Windows 11 road-warrior clients, where it seems to be just the OpenVPN server in pfSense in combo with Windows 11 clients having issues.
Linux clients are fine connecting to the exact same pfSense server and accessing the same services that have issues under Windows 11.
If these Windows 11 clients connect in via an alternative OpenVPN server running on OpenWRT (same OpenVPN version number) then things are fine.
It's crazy but it's just Windows 11 plus pfSense 2.8.1 having issues.
The symptoms are that websites behind the VPN may fail to load - especially if they have a lot of dynamic content. Also, RDP to hosts at the remote site can take a while to connect and has regular timeouts.
Both of these things used to work 100% fine with Windows 11.
It seems very MTU-like in its nature, but no settings have changed - we are clamping MSS just like before. The website in question is HTTPS 1.1 with a self-signed cert. I could put it behind our reverse proxy and that would probably fix things, but I want to troubleshoot this issue first, as it's RDP as well.
It did work fine previously with no issue. A Wireshark capture of MTU and MSS doesn't show anything strange, and the firewall rules and firewall logs seem OK. I'll be deep diving into this further this week, but only after I set up another parallel pfSense firewall that I can really dig into without affecting the production traffic.
Thankfully I can do this as we have a routed IPv4 subnet /29 and I can use another public IP for our test firewall, and we run OSPF to our LAN routers, so I can advertise a separate OpenVPN tunnel /24 for my test pfSense box. If Netgate devs want me to run any commands or test suites or debugs I can do that, and do anything with the test box (hosted on Proxmox 8.4).
I just thought I'd post here in case anyone has seen anything strange with Windows 11 road-warrior clients connecting via OpenVPN, and having issues with some local websites, and/or patchy RDP.
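Since the post describes the problem as "very MTU-like", one concrete check worth running from an affected Windows 11 client (and from a working Linux client, for comparison) is a Don't-Fragment path-MTU probe through the tunnel to a host behind the pfSense box. The script below is an added example, not code from the post or from pfSense/OpenVPN. It binary-searches for the largest ICMP payload that crosses the tunnel with DF set, then derives the path MTU and the TCP MSS that a clamp would need to enforce for that path. Assumptions (not from the post): the client is Windows or Linux with `ping` on PATH, the target host answers ICMP echo, IPv4 is used (28 bytes of IP+ICMP overhead, MSS = MTU - 40 with no TCP options), and `ping` exits non-zero both on a timeout and on a "needs to be fragmented" error. The target address `192.0.2.10` is a TEST-NET placeholder.

```python
"""Path-MTU probe for a suspected MTU/MSS problem across a VPN tunnel.

Added example (not from the forum post, pfSense or OpenVPN). Finds the largest
ICMP payload that passes with DF set and converts it to a path MTU and the
matching TCP MSS, so the number can be compared with the MSS clamp in use.
"""
import platform
import subprocess
from typing import Callable, Optional, Tuple

IPV4_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
IPV4_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header (no options)
ETHERNET_PAYLOAD = 1472  # payload that exactly fills a 1500-byte Ethernet MTU


def ping_df(host: str, payload: int, timeout_s: int = 1) -> bool:
    """Send one echo request of `payload` bytes with DF set; True only on a reply.

    Windows: ping -n 1 -w <ms> -f -l <bytes> host
    Linux:   ping -c 1 -W <s> -M do -s <bytes> host
    (macOS uses `-D` instead of `-M do`; not handled here.)
    Assumption: a local "message too long" / "needs to be fragmented" error and
    a silent timeout both give a non-zero exit, which is what we want, because a
    PMTUD blackhole shows up as a timeout rather than an ICMP error.
    """
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000),
               "-f", "-l", str(payload), host]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s),
               "-M", "do", "-s", str(payload), host]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0


def largest_passing_payload(probe: Callable[[int], bool],
                            lo: int = 0, hi: int = ETHERNET_PAYLOAD) -> int:
    """Binary-search the largest payload in [lo, hi] for which probe() succeeds.

    Returns -1 if even `lo` fails (tunnel down, host not answering ICMP, or
    ICMP filtered), and `hi` if the full-size packet passes, i.e. the path is
    not the problem. Assumes probe results are monotonic in payload size.
    """
    if not probe(lo):
        return -1
    if probe(hi):
        return hi
    # Invariant: probe(lo) passes, probe(hi) fails.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid
    return lo


def path_mtu_and_mss(probe: Callable[[int], bool],
                     lo: int = 0, hi: int = ETHERNET_PAYLOAD) -> Optional[Tuple[int, int]]:
    """Return (path MTU, TCP MSS to clamp to) for IPv4, or None if nothing passes."""
    payload = largest_passing_payload(probe, lo, hi)
    if payload < 0:
        return None
    mtu = payload + IPV4_ICMP_OVERHEAD
    return mtu, mtu - IPV4_TCP_OVERHEAD


if __name__ == "__main__":
    import sys
    # Placeholder target (TEST-NET-1); pass a real host behind the VPN instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    found = path_mtu_and_mss(lambda n: ping_df(target, n))
    if found is None:
        print(f"no DF probe to {target} got a reply; check the tunnel and ICMP filtering")
    else:
        mtu, mss = found
        print(f"path MTU to {target}: {mtu}  -> TCP MSS to clamp to: {mss}")
```

Run it from the Windows 11 client and from a Linux client against the same internal host, with the tunnel up. If the Windows client reports a smaller MTU than the MSS clamp on the server assumes (clamp value + 40 is the MTU the clamp was sized for), the clamp is too high for that path and large TLS records or RDP bitmaps will be blackholed, which matches "dynamic content fails, small pages work". If both clients see the same MTU, the problem is elsewhere and the Wireshark work is the next step. The probe uses ICMP, so it only says what the tunnel path carries; TCP MSS seen in the handshake is still worth confirming in the capture.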